Commit graph

48 commits

Author SHA1 Message Date
taca
7acc97f360 Update php55 to 5.5.24.
16 Apr 2015, PHP 5.5.24

- Apache2handler:
  . Fixed bug #69218 (potential remote code execution with apache 2.4
    apache2handler). (Gerrit Venema)

- Core:
  . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
    (Dmitry, Laruence)
  . Fixed bug #67626 (User exceptions not properly handled in streams).
    (Julian)
  . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
    characters). (Tjerk)
  . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
    configuration options). (Anatol Belski)
  . Additional fix for bug #69152 (Type confusion vulnerability in
    exception::getTraceAsString). (Stas)
  . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
    __call/... arg passing). (Nikita)
  . Fixed bug #69221 (Segmentation fault when using a generator in combination
    with an Iterator). (Nikita)
  . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
    vulnerability). (Stas)
  . Fixed bug #69353 (Missing null byte checks for paths in various PHP
    extensions). (Stas)

- Curl:
  . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
  . Fixed bug #69316 (Use-after-free in php_curl related to
    CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

- Date:
  . Export date_get_immutable_ce so that it can be used by extensions. (Derick
    Rethans)
  . Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)

- Enchant:
  . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
    builds). (Anatol)

- Fileinfo:
  . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
    segfault). (Anatol Belski)

- Filter:
  . Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other
    flags are used). (Jeff Welch)
  . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
    Welch)

- Mbstring:
  . Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
    (Masaki Kagaya)

- OPCache:
  . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
  . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)

- OpenSSL:
  . Fixed bug #67403 (Add signatureType to openssl_x509_parse).
  . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)

- Phar:
  . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
    (Mike)
  . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
  . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
  . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
    ".tar"). (Mike)
  . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
  . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
    phar_set_inode). (Stas)

- Postgres:
  . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)

- SPL:
  . Fixed bug #69227 (Use after free in zval_scan caused by
     spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)

- SOAP:
  . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
     (bisected, regression)). (thomas at shadowweb dot org, Laruence)

- SQLITE:
  . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
     (Dan Ackroyd)
  . Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol)
2015-04-17 16:40:58 +00:00
taca
72e144321e Update php55 to 5.5.23, including security fix.
19 Mar 2015, PHP 5.5.23

- Core:
  . Fixed bug #69174 (leaks when unused inner class use traits precedence).
    (Laruence)
  . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
    (Laruence)
  . Fixed bug #69121 (Segfault in get_current_user when script owner is not
    in passwd with ZTS build). (dan at syneto dot net)
  . Fixed bug #65593 (Segfault when calling ob_start from output buffering
    callback). (Mike)
  . Fixed bug #69017 (Fail to push to the empty array with the constant value
    defined in class scope). (Laruence)
  . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
    not validated in memory.c). (nayana at ddproperty dot com)
  . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
  . Fixed bug #69141 (Missing arguments in reflection info for some builtin
    functions). (kostyantyn dot lysyy at oracle dot com)
  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
    configuration options). (Anatol Belski)
  . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)

- CGI:
  . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)

- CLI:
  . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)

- cURL:
  . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
    Win32). (Grant Pannell)
  . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
    by libcurl. (Linus Unneback)

- Ereg:
  . Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)

- FPM:
  . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)

- ODBC:
  . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)

- Opcache:
  . Fixed bug #69125 (Array numeric string as key). (Laruence)
  . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)

- OpenSSL:
  . Fixed bugs #61285, #68329, #68046, #41631 (encrypted streams don't observe
    socket timeouts). (Brad Broerman)

- pgsql:
  . Fixed bug #68638 (pg_update() fails to store infinite values).
    (william dot welter at 4linux dot com dot br, Laruence)

- Readline:
  . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
    parameters). (Laruence)

- SOAP:
  . Fixed bug #69085 (SoapClient's __call() type confusion through
    unserialize()). (andrea dot palazzo at truel dot it, Laruence)

- SPL:
  . Fixed bug #69108 ("Segmentation fault" when (de)serializing
    SplObjectStorage). (Laruence)
  . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
    calling getChildren()). (Julien)

- ZIP:
  . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
    boundary) (CVE-2015-2331). (Stas)
2015-03-20 16:30:37 +00:00
he
424e6c939b Add a comment to the patch. 2015-03-19 08:12:50 +00:00
taca
45b8146ccd Fix problem by PHP_BASE_VERS related changes. 2015-03-16 00:26:31 +00:00
he
798cfe53df Well, the fpm_sockets.c patch doesn't belong in php-fpm, but
rather in the PHP package proper, and there's three of them.
Copy and adapt as necessary.
No revision bump here: only build fix for NetBSD with TCP_INFO.
2015-03-05 11:16:28 +00:00
taca
942d813e46 Update php55 to 5.5.22 (PHP 5.5.22).
19 Feb 2015, PHP 5.5.22

- Core:
  . Fixed bug #67068 (getClosure returns something that's not a closure).
    (Danack at basereality dot com)
  . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
    buffer overflow). (Stas)
  . Fixed bug #68942 (Use after free vulnerability in unserialize() with
    DateTimeZone). (CVE-2015-0273) (Stas)
  . Added NULL byte protection to exec, system and passthru. (Yasuo)
  . Removed support for multi-line headers, as they are deprecated by RFC 7230.
    (Stas)

- Date:
  . Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)

- Dba:
  . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)

- Enchant:
  . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
    (Antony)

- Fileinfo:
  . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)

- FPM:
  . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
  . Fixed bug #68571 (core dump when webserver close the socket).
    (redfoxli069 at gmail dot com, Laruence)

- Libxml:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
    between threads). (Martin Jansen)

- OpenSSL:
  . Fixed bug #55618 (use case-insensitive cert name matching).
    (Daniel Lowrey)

- PDO_mysql:
  . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
    named pipes). (steffenb198@aol.com)

- Phar:
  . Fixed bug #68901 (use after free). (bugreports at internot dot info)

- Pgsql:
  . Fixed bug #65199 (pg_copy_from() modifies input array variable). (Yasuo)

- Sqlite3:
  . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
    required_num_args). (Julien)

- Mysqli:
  . Fixed bug #68114 (linker error on some OS X machines with fixed
    width decimal support) (Keyur Govande)
  . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
    has rounding errors) (Keyur Govande)

- Session:
  . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
  . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
  . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)

- Standard:
  . Fixed bug #65272 (flock() out parameter not set correctly in windows).
    (Daniel Lowrey)
  . Fixed bug #69033 (Request may get env. variables from previous requests
    if PHP works as FastCGI)

- Streams:
  . Fixed bug which caused call after final close on streams filter. (Bob)
2015-02-19 13:35:24 +00:00
sevan
315561a644 Fix CVE-2015-0273 php: #68942 Use after free vulnerability in
unserialize() with DateTimeZone

Reviewed by wiz@
2015-02-18 11:14:15 +00:00
taca
b019ab3429 Update php55 to 5.5.21.
22 Jan 2014, PHP 5.5.21

- Core:
  . Upgraded crypt_blowfish to version 1.3. (Leigh)
  . Fixed bug #60704 (unlink() bug with some files path).
  . Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
  . Fixed bug #65576 (Constructor from trait conflicts with inherited
    constructor). (dunglas at gmail dot com)
  . Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
    (Anatol)
  . Fixed bug #68297 (Application Popup provides too few information). (Anatol)
  . Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
  . Fixed bug #65230 (setting locale randomly broken). (Anatol)
  . Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR
    correctly). (Ferenc)
  . Fixed bug #68583 (Crash in timeout thread). (Anatol)
  . Fixed bug #68594 (Use after free vulnerability in unserialize()).
    (CVE-2014-8142) (Stefan Esser)
  . Fixed bug #68676 (Explicit Double Free). (Kalle)
  . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
    (CVE-2015-0231) (Stefan Esser)

- CGI:
  . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
    (Stas)

- CLI server:
  . Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)

- cURL:
  . Fixed bug #67643 (curl_multi_getcontent returns '' when
    CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

- EXIF:
  . Fixed bug #68799: Free called on uninitialized pointer. (CVE-2015-0232)
    (Stas)

- Fileinfo:
  . Fixed bug #68671 (incorrect expression in libmagic).
    (Joshua Rogers, Anatol Belski)
  . Removed readelf.c and related code from libmagic sources
    (Remi, Anatol)
  . Fixed bug #68735 (fileinfo out-of-bounds memory access).
    (Anatol)

- FPM:
  . Fixed bug #68751 (listen.allowed_clients is broken). (Remi)

- GD:
  . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)

- Mbstring:
  . Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
    (Ashesh Vashi)

- Mcrypt:
  . Fixed possible read after end of buffer and use after free. (Dmitry)

- Opcache:
  . Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach
    loops). (Nikita)

- OpenSSL:
  . Fixed bug #55618 (use case-insensitive cert name matching). (Daniel Lowrey)

- Pcntl:
  . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
    when setting SIG_DFL). (Julien)

- PCRE:
  . Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
    (Rainer Jung, Anatol Belski)

- pgsql:
  . Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)

- PDO:
  . Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specific
    attribute names). (Matteo)

- PDO_mysql:
  . Fixed bug #68424 (Add new PDO mysql connection attr to control multi
    statements option). (peter dot wolanin at acquia dot com)

- SPL:
  . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
    breaks the RecursiveIterator). (Paul Garvin)
  . Fixed bug #65213 (cannot cast SplFileInfo to boolean) (Tjerk)
  . Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)

- SQLite:
  . Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)

- Streams:
  . Fixed bug #68532 (convert.base64-encode omits padding bytes).
    (blaesius at krumedia dot de)
2015-01-23 16:10:34 +00:00
bsiegert
07edc3aa73 Apply the necessary flags to sqlite so that php55 builds correctly on Darwin
prior to v9. From Sevan Janiyan in PR pkg/49527.
2015-01-17 14:56:50 +00:00
taca
d88e5badbc Update php55 to 5.5.20, including security fix.
17 Dec 2014, PHP 5.5.20

- Core:
  . Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks).
    (Adam)
  . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly
    triggered). (Julien)
  . Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
  . Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
  . Fixed bug #68594 (Use after free vulnerability in unserialize()).
    (CVE-2014-8142) (Stefan Esser)

- Date:
  . Fixed day_of_week function as it could sometimes return negative values
    internally. (Derick)

- FPM:
  . Fixed bug #68381 (fpm_unix_init_main ignores log_level).
    (David Zuelke, Remi)
  . Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all
    addresses). (Remi)
  . Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
  . Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
  . Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
  . Fixed bug #68452 (php-fpm man page is outdated). (Remi)
  . Fixed request #68458 (Change pm.start_servers default warning to
    notice). (David Zuelke, Remi)
  . Fixed bug #68463 (listen.allowed_clients can silently result
    in no allowed access). (Remi)
  . Fixed request #68391 (php-fpm conf files loading order).
    (Florian Margaine, Remi)
  . Fixed bug #68478 (access.log don't use prefix). (Remi)

- Mcrypt:
  . Fixed possible read after end of buffer and use after free. (Dmitry)

- PDO_pgsql:
  . Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
  . Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception
    when not in transaction) (Matteo)
  . Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving)
    (Matteo)

- zlib:
  . Fixed bug #53829 (Compiling PHP with large file support will replace
    function gzopen by gzopen64) (Sascha Kettler, Matteo)
2014-12-19 16:10:38 +00:00
taca
9d371b6e26 Update php55 to 5.5.19.
13 Nov 2014, PHP 5.5.19

- Core:
  . Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in
    php_getopt()). (Stas)
  . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
  . Fixed bug #68129 (parse_url() - incomplete support for empty usernames
    and passwords) (Tjerk)
  . Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
    zend_hash_copy). (Dmitry)

- Fileinfo:
  . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
  . Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
    (CVE-2014-3710) (Remi)

- FPM:
  . Implemented FR #55508 (listen and listen.allowed_clients should take IPv6
    addresses). (Robin Gloster)

- GD:
  . Fixed bug #65171 (imagescale() fails without height param). (Remi)

- GMP:
  . Fixed bug #63595 (GMP memory management conflicts with other libraries
    using GMP). (Remi)

- Mysqli:
  . Fixed bug #68114 (linker error on some OS X machines with fixed width
    decimal support) (Keyur Govande)

- ODBC:
  . Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by
    a VARCHAR column) (Keyur Govande)

- SPL:
  . Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)

- CURL:
  . Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
    CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
2014-11-15 14:53:12 +00:00
taca
374708f6d7 Update php55 to 5.5.18.
16 Oct 2014, PHP 5.5.18

- Core:
  . Fixed bug #67985 (Incorrect last used array index copied to new array after
    unset). (Tjerk)
  . Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported
    as 6.2 (instead of 6.3)). (Christian Wenz)
  . Fixed bug #67633 (A foreach on an array returned from a function not doing
    copy-on-write). (Nikita)
  . Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
  . Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
    (CVE-2014-3669) (Stas)

- cURL:
  . Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)

- EXIF:
  . Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
    (Stas)

- FPM:
  . Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable
    when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)

- OpenSSL:
  . Revert regression introduced by fix of bug #41631

- Reflection:
  . Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)

- Session:
  . Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)

- XMLRPC:
  . Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
    (CVE-2014-3668) (Stas)
2014-10-18 14:27:30 +00:00
taca
47421e2dcc Update php55 to 5.5.17, approved by wiz@.
18 Sep 2014, PHP 5.5.17

- Core:
  . Fixed bug #47358 (glob returns error, should be empty array()). (Pierre)
  . Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
  . Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
  . Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)

- COM:
  . Fixed bug #41577 (DOTNET is successful once per server run)
    (Aidas Kasparas)

- FPM:
  . Fixed #67606 (FPM with mod_fastcgi/apache2.4 is broken). (David Zuelke)

- OpenSSL:
  . Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
    (Daniel Lowrey)
  . Fixed bug #67850 (extension won't build if openssl compiled without SSLv3)
    (Daniel Lowrey)

- SPL:
  . Fixed bug #67813 (CachingIterator::__construct InvalidArgumentException
    wrong message). (tim_siebels_aurich at yahoo dot de)

- Date:
  . Fixed bug #66091 (memory leaks in DateTime constructor). (Tjerk)
  . Fixed bug #66985 (Some timezones are no longer valid in PHP 5.5.10).
    (Derick)
  . Fixed bug #67109 (First uppercase letter breaks date string parsing).
    (Derick)

- GD
  . Made fontFetch's path parser thread-safe. (Sara).

- MySQLi:
  . Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)

- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of
    data). (Mike)
  . Fixed bug #67865 (internal corruption phar error). (Mike)
2014-09-30 08:14:25 +00:00
taca
7a5ac569e9 Update php55 to 5.5.16 (PHP 5.5.16).
21 Aug 2014, PHP 5.5.16

- COM:
  . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).

- Fileinfo:
  . Fixed bug #67705 (extensive backtracking in rule regular expression).
    (CVE-2014-3538) (Remi)
  . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

- FPM:
  . Fixed bug #67635 (php links to systemd libraries without using pkg-config).
    (pacho@gentoo.org, Remi)

- GD:
  . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
    (CVE-2014-2497) (Remi)
  . Fixed bug #67730 (Null byte injection possible with imagexxx functions).
    (CVE-2014-5120) (Ryan Mauger)

- Milter:
  . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)

- OpenSSL:
  . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

- readline:
  . Fixed bug #55496 (Interactive mode doesn't force a newline before the
    prompt). (Bob, Johannes)
  . Fixed bug #67496 (Save command history when exiting interactive shell
    with control-c). (Dmitry Saprykin, Johannes)

- Sessions:
  . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).

- Core:
  . Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
  . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)

- ODBC:
  . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
    char fields). (Keyur)
2014-08-23 16:09:21 +00:00
taca
82753fd9d3 Update php55 to 5.5.15.
24 Jul 2014, PHP 5.5.15

- Core:
  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response
    code). (Adam)
  . Fixed bug #67436 (Autoloader isn't called if two method definitions don't
    match). (Bob)
  . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
    (Ferenc)
  . Fixed bug #67497 (eval with parse error causes segmentation fault in
    generator). (Nikita)
  . Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
    2012). (Christian Wenz)

- CLI server:
  . Implemented FR #67429 (CLI server is missing some new HTTP response codes).
    (Adam)
  . Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
    (Adam)

- FPM:
  . Fixed bug #67530 (error_log=syslog ignored). (Remi)
  . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

- Intl:
  . Fixed bug #66921 (Wrong argument type hint for function
    intltz_from_date_time_zone). (Stas)
  . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
    (Stas)

- OPCache:
  . Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
    happen) (Dmitry, Laruence)

- pgsql:
  . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
    which affected builds against libpq < 7.3. (Adam)

- Phar:
  . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)

- SPL:
  . Fixed bug #67539 (ArrayIterator use-after-free due to object change during
    sorting). (research at insighti dot org, Laruence)
  . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)

- Streams:
  . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
2014-07-26 00:11:55 +00:00
taca
f0b1dd8ec5 Add fix for CVE-2014-4698 and CVE-2014-4670.
Bump PKGREVISION.
2014-07-13 15:23:42 +00:00
taca
f94488369d Update php55 to 5.5.14 which includes several security fixes.
26 Jun 2014, PHP 5.5.14

- Core:
  . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
  . Fixed bug #66622 (Closures do not correctly capture the late bound class
    (static::) in some cases). (Levi Morrison)
  . Fixed bug #67390 (insecure temporary file use in the configure script).
    (CVE-2014-3981) (Remi)
  . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    (Stefan Esser)

- CLI server:
  . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

- Date:
  . Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    (Adam)
  . Fixed regression in fix for bug #67118 (constructor can't be called twice).
    (Remi)

- Fileinfo:
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
    (CVE-2014-0207)
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
    string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
    check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
    (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
    check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

- Intl:
  . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
  . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
    uloc_getDisplayName (libicu 4.8.1)). (Stas)

- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_get_record()).
    (CVE-2014-4049). (Sara)

- OPCache:
  . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)

- OpenSSL:
  . Fixed bug #65698 (certificates validity parsing does not work past 2050).
    (Paul Oehler)
  . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
    (Paul Oehler)

- PDO-ODBC:
  . Fixed bug #50444 (PDO-ODBC changes for 64-bit).

- SOAP:
  . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)

- SPL:
  . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
    Confusion). (CVE-2014-3515) (Stefan Esser)

  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
    not only the subset). (Anatol)

- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
    performance degradation) (CVE-2014-0237).

- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
    (Julio Pintos)

- GD:
  . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

- PCRE:
  . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
    from the upstream). (Anatol)

- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
    in its name). (PR #588)
2014-06-27 11:34:19 +00:00
fhajny
ef406dfd0d Remove detection of a threaded Apache MPM at configure time.
Fixes the problem where thread safety was not consistent in
the php, ap-php and php-* extension packages, and makes ap-php
adhere to the maintainer-zts option. Bump PKGREVISION.
2014-06-13 14:31:19 +00:00
fhajny
1bcd677f17 Add the mysqlnd (MySQL Native Driver) include files.
Bump PKGREVISION for this and the previous commit.
2014-06-13 14:13:20 +00:00
fhajny
7bc1f7f9f0 Fix problems on SunOS with the combination of FPM, event ports and catch_workers_output=yes.
See https://bugs.php.net/bug.php?id=65800.
2014-06-13 14:09:34 +00:00
taca
0c63929ad5 Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238.
29 May 2014, PHP 5.5.13

- CLI server:
  . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)

- COM:
  . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

- Core:
  . Fixed bug #65701 (copy() doesn't work when destination filename is created
    by tempnam()). (Boro Sitnikovski)
  . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
  . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
    zend_exceptions.c). (Bob)
  . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  . Fixed bug #67249 (printf out-of-bounds read). (Stas)
  . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

- Curl:
  . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)

- Date:
  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
    not only the subset). (Anatol)

- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
    performance degradation) (CVE-2014-0237).

- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
    (Julio Pintos)

- GD:
  . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

- PCRE:
  . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
    from the upstream). (Anatol)

- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
    in its name). (PR #588)
2014-05-31 04:26:39 +00:00
he
b8f3a9e9b0 Apply a patch to fix CVE-2014-2497, taken from
https://bugs.php.net/patch-display.php?bug_id=66901
Bump PKGREVISION for php-gd correspondingly.
2014-05-11 11:20:47 +00:00
taca
2aee748e8b Update php55 to 5.5.12.
01 May 2014, PHP 5.5.12
- Core:
  . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
    UNIX sockets). (Mike)
  . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  . Fixed bug #66736 (fpassthru broken). (Mike)
  . Fixed bug #67024 (getimagesize should recognize BMP files with negative
    height). (Gabor Buella)
  . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)

- cURL:
  . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
    (Freek Lijten)

- Date:
  . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
    supplied). (Boro Sitnikovski)

- Embed:
  . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).

- Fileinfo:
  . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
    (Remi)

- FPM:
  . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  . Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)

- JSON:
  . Fixed bug #66021 (Blank line inside empty array/object when
    JSON_PRETTY_PRINT is set). (Kevin Israel)

- LDAP:
  . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)

- mysqli:
  . Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
    (extra comma) and third parameters (lack of escaping). (Andrey)

- OpenSSL:
  . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
  . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)

- SimpleXML:
  . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
    (Anatol)

- SQLite:
  . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)

- XSL:
  . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
    when loaded with "file://"). (Anatol)

- Apache2 Handler SAPI:
  . Fixed Apache log issue caused by APR's lack of support for %zu
    (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
    (Jeff Trawick)
2014-05-01 15:52:33 +00:00
jperkin
901f24490f Don't define _XOPEN_SOURCE on SunOS, it conflicts with the environment
from the PHP build.
2014-04-14 10:17:19 +00:00
taca
04453350ed Update php55 to 5.5.11.
CVE-2013-7345 is already fixed in 5.5.10nb2.


03 Apr 2014, PHP 5.5.11

- Core:
  . Allow zero length comparison in substr_compare() (Tjerk)
  . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)

- SPL:
  . Added feature #65545 (SplFileObject::fread()) (Tjerk)

- cURL:
  . Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
  . Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
    (Adam)

- FPM:
  . Added clear_env configuration directive to disable clearenv() call.
  (Github PR# 598, Paul Annesley)

- Fileinfo:
  . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
    expression). (CVE-2013-7345) (Remi)

- GD:
  . Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
  . Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
  . Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
  . Fixed bug #66890 (imagescale segfault). (Remi)
  . Fixed bug #66893 (imagescale ignore method argument). (Remi)

- Hash:
  . hash_pbkdf2() now works correctly if the $length argument is not specified.
    (Nikita)

- Intl:
  . Fixed bug #66873 (A reproducible crash in UConverter when given invalid
    encoding) (Stas)

- Mail:
  . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

- MySQLi:
  . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
  (Remi)

- OPCache
  . Added function opcache_is_script_cached(). (Danack)
  . Added information about interned strings usage. (Terry, Julien, Dmitry)

- Openssl:
  . Fixed bug #66833 (Default digest algo is still MD5, switch to SHA1). (Remi)

- GMP
  . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)

- SQLite:
  . Updated bundled libsqlite to 3.8.3.1 (Anatol)
2014-04-04 03:04:59 +00:00
he
b86cfeffef Apply patch to fix CVE-2013-7345. Bump PKGREVISION.
OK'ed by wiz.
2014-03-29 22:10:15 +00:00
asau
b34b1b4288 Stop treating FreeBSD 10 as FreeBSD 1.
This lets a number of PHP extensions build.
Bump package revision.
2014-03-19 21:50:22 +00:00
taca
d26b5634a3 Update php55 to 5.5.10 (PHP 5.5.10).
Version 5.5.10

6-Mar-2014

* Core:

  - Fixed bug #66574 (Allow multiple paths in php_ini_scanned_path).

* Date:

  - Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones
    per offset too).

* Fileinfo:

  - Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
  - Fixed bug #66820 (out-of-bounds memory access in fileinfo (CVE-2014-2270)).

* GD:

  - Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
    (CVE-2013-7327)).

* JSON:

  - Fixed bug #65753 (JsonSerializable couldn't implement on module extension).

* LDAP:

  - Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).

* Openssl:

  - Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).

* PCRE:

  - Upgraded to PCRE 8.34.

* Pgsql:

  - Added warning for dangerous client encoding and remove possible injections
    for pg_insert()/pg_update()/pg_delete()/pg_select().
2014-03-09 14:09:20 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump.
2014-02-12 23:17:32 +00:00
taca
17212df85f Update php55 to 5.5.9 (PHP 5.5.9).
06 Feb 2014, PHP 5.5.9

- Core:
  . Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)

- GD:
  . Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()).
    (Laruence, Remi)

- OPCache:
  . Fixed bug #66474 (Optimizer bug in constant string to boolean conversion).
    (Dmitry)
  . Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0).
    (Dmitry)
  . Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style
    ^M as lineend). (Laruence)

- PDO_pgsql:
  . Fixed bug #62479 (PDO-psql cannot connect if password contains
    spaces) (willfitch, iliaa)

- Readline
  . Fixed Bug #66412 (readline_clear_history() with libedit causes segfault after
    #65714). (Remi)

- Session
  . Fixed bug #66469 (Session module is sending multiple set-cookie headers when
    session.use_strict_mode=1) (Yasuo)
  . Fixed bug #66481 (Segfaults on session_name()).
    (cmcdermottroe at engineyard dot com, Yasuo)

- Standard
  . Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol)

- Sockets:
  . Fixed bug #66381 (__ss_family was changed on AIX 5.3). (Felipe)

- Zend Engine
  . Fixed bug #66009 (Failed compilation of PHP extension with C++ std
    library using VS 2012). (Anatol)
2014-02-07 15:35:05 +00:00
taca
7c3bc3ee18 Update php55 to 5.5.8.
9 Jan 2014, PHP 5.5.8

- Core:
  . Disallowed JMP into a finally block. (Laruence)
  . Added validation of class names in the autoload process. (Dmitry)
  . Fixed invalid C code in zend_strtod.c. (Lior Kaplan)
  . Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
    (Nikita)
  . Fixed bug #65764 (generators/throw_rethrow FAIL with
    ZEND_COMPILE_EXTENDED_INFO). (Nikita)
  . Fixed bug #61645 (fopen and O_NONBLOCK). (Mike)
  . Fixed bug #66218 (zend_register_functions breaks reflection). (Remi)

- Date:
  . Fixed bug #66060 (Heap buffer over-read in DateInterval). (Remi)
  . Fixed bug #65768 (DateTimeImmutable::diff does not work). (Nikita Nefedov)

- DOM:
  . Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML()
    Produces invalid Markup). (Mike)

- Exif:
  . Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)

- Filter:
  . Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam)

- GD:
  . Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
    (Adam)

- PDO_odbc:
  . Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
    (michael at orlitzky dot com)

- MySQLi:
  . Fixed bug #65486 (mysqli_poll() is broken on win x64). (Anatol)

- OPCache:
  . Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
    (Dmitry)
  . Fixed Issue #140: "opcache.enable_file_override" doesn't respect
    "opcache.revalidate_freq". (Dmitry).

- SNMP:
  . Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin)

- SOAP
  . Fixed bug #66112 (Use after free condition in SOAP extension).
    (martin dot koegler at brz dot gv dot at)

- Sockets:
  . Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined). (Felipe)

- XSL
  . Fixed bug #49634 (Segfault throwing an exception in a XSL registered
    function). (Mike)

- ZIP:
  . Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi)
2014-01-11 17:05:09 +00:00
taca
1fbdeb047a Update php55 to 5.5.7 (PHP 5.5.7).
12 Dec 2013, PHP 5.5.7

- CLI server:
  . Added some MIME types to the CLI web server (Chris Jones)
  . Implemented FR #65917 (getallheaders() is not supported by the built-in web
    server) - also implements apache_response_headers() (Andrea Faulds)

- Core:
  . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
    string). (Laruence)

- OPCache
  . Fixed bug #66176 (Invalid constant substitution). (Dmitry)
  . Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
  . Fixed bug #65559 (Opcache: cache not cleared if changes occur while
    running). (Dmitry)

- OpenSSL:
  . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
    (Stefan Esser).

- readline
  . Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)
2013-12-13 15:33:22 +00:00
taca
78a978b0a1 Add fix for CVE-2013-6712, ext/date DoS vulnerability.
Bump PKGREVISION.
2013-12-05 16:16:40 +00:00
taca
3d3ac75faf Update php55 package to 5.5.6.
14 Nov 2013, PHP 5.5.6

- Core:
  . Fixed bug #65947 (basename is no more working after fgetcsv in certain
    situation). (Laruence)
  . Improved performance of array_merge() and func_get_args() by eliminating
    useless copying. (Dmitry)
  . Fixed bug #65939 (Space before ";" breaks php.ini parsing).
    (brainstorm at nopcode dot org)
  . Fixed bug #65911 (scope resolution operator - strange behavior with $this).
    (Bob Weinand)
  . Fixed bug #65936 (dangling context pointer causes crash). (Tony)

- FPM:
  . Changed default listen() backlog to 65535. (Tony)

- MySQLi:
  . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)

- OPcache
  . Increased limit for opcache.max_accelerated_files to 1,000,000. (Chris)
  . Fixed issue #115 (path issue when using phar). (Dmitry)
  . Fixed issue #149 (Phar mount points not working with OPcache enabled).
  (Dmitry)

- ODBC
  . Fixed bug #65950 (Field name truncation if the field name is bigger than
    32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo)

- PDO:
  . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement
    throws an exception). (Laruence)
  . Fixed bug #65946 (sql_parser permanently converts values bound to strings)

- Standard:
  . Fixed bug #64760 (var_export() does not use full precision for floating-point
    numbers) (Yasuo)
2013-11-15 16:33:14 +00:00
khorben
2886b42c15 Fixed a typo in the DESCR files for PHP
2013-11-07 23:52:40 +00:00
joerg
f29d446a48 Override clang -R test, the wrappers drop -R/usr/lib.
2013-10-25 21:47:51 +00:00
taca
a8f12bfe2c Update php55 to 5.5.5.
17 Oct 2013, PHP 5.5.5

- Core:
  . Fixed bug #64979 (Wrong behavior of static variables in closure generators).
    (Nikita)
  . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita)
  . Fixed bug #65821 (By-ref foreach on property access of string offset
    segfaults). (Nikita)

- CLI server:
  . Fixed bug #65633 (built-in server treat some http headers as
    case-sensitive). (Adam)
  . Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
    encoding). (Felipe)
  . Added application/pdf to PHP CLI Web Server mime types (Chris Jones)

- Datetime:
  . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error
    message). (Boro Sitnikovski)
  . Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime).
    (Boro Sitnikovski)
  . Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work).
    (Boro Sitnikovski)

- DBA extension:
  . Fixed bug #65708 (dba functions cast $key param to string in-place,
    bypassing copy on write). (Adam)

- Filter:
  . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn)
  . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
    (Syra)

- FTP:
  . Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter)

- GD
  . Ensure that the defined interpolation method is used with the generic
    scaling methods. (Pierre)

- IMAP:
  . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling
    imap). (ryotakatsuki at gmail dot com)

- OPcache:
  . Added support for GNU Hurd. (Svante Signell)
  . Added function opcache_compile_file() to load PHP scripts into cache
    without execution. (Julien)
  . Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
    (Dmitry)
  . Fixed bug #65665 (Exception not properly caught when opcache enabled).
    (Laruence)
  . Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var). (Dmitry)
  . Fixed issue #135 (segfault in interned strings if initial memory is too
    low). (Julien)

- Sockets:
  . Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
    (Mike)

- SPL:
  . Fix bug #64782 (SplFileObject constructor make $context optional / give it
    a default value). (Nikita)

- Standard:
  . Fixed bug #61548 (content-type must appear at the end of headers for 201
    Location to work in http). (Mike)

- XMLReader:
  . Fixed bug #51936 (Crash with clone XMLReader). (Mike)
  . Fixed bug #64230 (XMLReader does not suppress errors). (Mike)

- Build system:
  . Fixed bug #51076 (race condition in shtool's mkdir -p implementation).
    (Mike, Raphael Geissert)
  . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
    gzencode())). (Mike)
2013-10-18 15:49:07 +00:00
taca
c084bd7e56 Fix php-socket with php55.
- Use USE_PHP_EXT_PATCHES in net/php-sockets.
- Make AI_V4MAPPED noop if platform doesn't have it.

It is a poor assumption that AI_V4MAPPED is always defined and a V4 mapped
address is always available.
2013-10-15 15:46:37 +00:00
joerg
e2502b1736 Add patch that would fix the build of net/php-sockets for PHP 5.5, if I
knew how to get it applied.
2013-10-15 14:43:51 +00:00
taca
af211b350d Update php55 to 5.5.4, approved by wiz@.
18 Sep 2013, PHP 5.5.4

- Core:
  . Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
    (Laruence)
  . Improved fputcsv() to allow specifying escape character.
  . Fixed bug #65490 (Duplicate calls to get lineno & filename for
    DTRACE_FUNCTION_*). (Chris Jones)
  . Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding
    spaces). (Michael M Slusarz)
  . Fixed bug #65470 (Segmentation fault in zend_error() with
    --enable-dtrace). (Chris Jones, Kris Van Hees)
  . Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
  . Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
  . Fixed bug #61759 (class_alias() should accept classes with leading
    backslashes). (Julien)
  . Fixed bug #46311 (Pointer aliasing issue results in miscompile on gcc4.4).
    (Nikita Popov)

- cURL:
  . Fixed bug #65458 (curl memory leak). (Adam)

- Datetime:
  . Fixed bug #65554 (createFromFormat broken when weekday name is followed
    by some delimiters). (Valentin Logvinskiy, Stas).
  . Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught
    by AddressSanitizer). (Remi).

- OPCache:
  . Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4).
    (Terry Ellison)

- Openssl:
  . Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in
    some cases). (Mark Jones)

- Session:
  . Fixed bug #65475 (Session ID is not initialized properly when strict session
    is enabled). (Yasuo)
  . Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize
    session serialize handler that uses plain serialize()). (Yasuo)

- Standard:
  . Fix issue with return types of password API helper functions. Found via
    static analysis by cjones. (Anthony Ferrara)
2013-09-21 16:08:37 +00:00
adam
4cf2c5f3a8 Included mk/bsd.options.mk
2013-08-31 12:31:10 +00:00
taca
558212ae2d Update php55 to 5.5.3.
22 Aug 2013, PHP 5.5.3

- Openssl:
  . Fixed UMR in fix for CVE-2013-4248.
2013-08-23 03:12:49 +00:00
taca
cabdc9fcee Update php55 to 5.5.2.
15 Aug 2013, PHP 5.5.2

- Core:
  . Fixed bug #62691 (solaris sed has no -i switch). (Chris Jones)
  . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
  . Fixed bug #61268 (--enable-dtrace leads make to clobber
    Zend/zend_dtrace.d) (Chris Jones)

- DOM:
  . Added flags option to DOMDocument::schemaValidate() and
    DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag.
    (Chris Wright)

- Sessions:
  . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
    which protects against session fixation attacks and session collisions.
    (Yasuo Ohgaki)
  . Fixed possible buffer overflow under Windows. Note: Not a security fix.
    (Yasuo)
  . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)

- Pgsql:
  . Fixed bug #62978 (Disallow possible SQL injections with pg_select()
    /pg_update()/pg_delete()/pg_insert()). (Yasuo)

?? ??? 2013, PHP 5.5.2

- Core:
  . Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
    fails). (Laruence)
  . Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was
    erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey
    avp200681 gmail com).
  . Fixed bug #65304 (Use of max int in array_sum). (Laruence)
  . Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
    limited case). (Arpad)

- OPcache:
  . Added opcache.restrict_api configuration directive that may limit
    usage of OPcache API functions only to particular script(s). (Dmitry)
  . Added support for glob symbols in blacklist entries (?, *, **).
    (Terry Ellison, Dmitry)
  . Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on
    shutdown). (Dmitry)

- Openssl:
  . Fixed handling null bytes in subjectAltName (CVE-2013-4073).
    (Christian Heimes)

- PDO_mysql:
  . Fixed bug #65299 (pdo mysql parsing errors). (Johannes)

- Phar:
  . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for
    some specific contents). (Stas)

- SOAP:
  . Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)

- SPL:
  . Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence)
  . Added RecursiveTreeIterator setPostfix and getPostfix methods. (Joshua
    Thijssen)
  . Fixed bug #61697 (spl_autoload_functions returns lambda functions
    incorrectly). (Laruence)

- Streams:
  . Fixed bug #65268 (select() implementation uses outdated tick API). (Anatol)

- Pgsql:
  . Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
    (Yasuo)
2013-08-17 13:15:21 +00:00
taca
41c232d983 Since openssl's security problem has been assigned CVE-2013-4248, update comment
in the patch file.
2013-08-16 00:38:13 +00:00
taca
1d45c6e860 Add fix for openssl, CVE-2013-4073.
Bump PKGREVISION.
2013-08-14 15:42:56 +00:00
taca
ef1cbc9e4c Correct checking condition of PHP_CHECK_INSTALLED.
2013-08-14 14:53:03 +00:00
joerg
ce9d270850 Allow only the PHP version itself, otherwise the multi-version logic
will trigger with failing distinfo entries.
2013-08-13 10:22:26 +00:00
taca
92a53daa89 Add PHP 5.5.1 as lang/php55 version 5.5.1 package.
This is a new stable release of PHP.  Please refer to the UPGRADING file for
changes and updating.


PHP is an HTML-embedded scripting language. It is modular, with
some object-oriented features. Much of its syntax is borrowed from
C, Java and Perl with a couple of unique PHP-specific features
thrown in.  The language is designed to allow web developers to
write dynamically generated pages quickly.

This package provides PHP version 5.5.x.
2013-07-29 16:41:02 +00:00